Identity Theft

Identity theft is a crime in which an attacker uses fraud or deception to obtain personal or sensitive information from a victim and misuses it to act in the victim’s name. Usually, perpetrators of such crimes are motivated by their own economic gain.

Identity Theft

Identity theft is a crime in which an attacker uses fraud or deception to obtain personal or sensitive information from a victim and misuses it to act in the victim’s name. Usually, perpetrators of such crimes are motivated by their own economic gain.

4 min read

4 min read

What is identity theft?

Identity thieves usually obtain personal information such as passwords, ID numbers, credit card numbers or social security numbers, and misuse them to act fraudulently in the victim’s name. These sensitive details can be used for various illegal purposes including applying for loans, making online purchases, or accessing victim’s medical and financial data.

Note

The term identity fraud is sometimes used as a synonym for identity theft, although the concept of identity fraud also encompasses the use of false or modified identity, as opposed to identity theft where criminals misuse someone else's real identity.

How it works?

Identity theft is closely linked to phishing and other social engineering techniques that are often used to pry sensitive information from the victim. Public profiles on social networks or other popular online services can also be used as the source of data, helping criminals to impersonate their targets.

When identity thieves have collected such information, they can use it to order goods, take over the victims’ online accounts or take legal action in their name. In the short term, affected individuals can suffer financial loss due to unauthorized withdrawals and purchases made in their names.

In the mid-term, victims might be held responsible for the perpetrators' actions and be investigated by law enforcement agencies as well as facing consequences such as legal charges, change in their credit status as well as damage to their good names.

According to a 2017 Identity Fraud Study, in 2016 identity theft caused $16 billion in damages to 15.4 million consumers in the United States alone. In the same year, UK fraud prevention organization Cifas documented almost 173,000 cases of identity fraud in the UK, the highest level since they began keeping records 13 years ago.

In the mid-term, victims might be held responsible for the perpetrators' actions and be investigated by law enforcement agencies as well as facing consequences such as legal charges, change in their credit status as well as damage to their good names.

According to a 2017 Identity Fraud Study, in 2016 identity theft caused $16 billion in damages to 15.4 million consumers in the United States alone. In the same year, UK fraud prevention organization Cifas documented almost 173,000 cases of identity fraud in the UK, the highest level since they began keeping records 13 years ago.

How to protect yourself from identity theft

Secure your connection: If you are going to use your personal information online, make sure you do so only when your connection is secure – preferably via home or corporate network or cellular data. If possible, avoid public Wi-Fi with no password protection. Should you have no other choice, use a virtual private network (VPN) that will encrypt all your communication and thus protect you from eavesdropping criminals.

Read more

Stay away from suspicious messages and sites: Visit our pages about spam and phishing to learn how to spot social engineering attacks that are after your sensitive data.

Maintain good password hygiene: Create strong passwords that are long, hard to guess, and unique. You can also use passphrases as they are easier to remember, or keep all your passwords in a password manager, to store them more securely. To add another layer of protection to your passwords, use two-factor authentication wherever and whenever possible. One important note: Never reuse any password for multiple accounts or services. This way, even if attackers are able to obtain this password, the damage they can cause is limited only to the compromised account (or service).

Monitor your bank and credit accounts: Check your online banking account and credit scores regularly for suspicious activity. This might help you uncover an attack before it causes extensive damage to your finances or reputation. Also, set limits for your transactions to prevent any misuse of your money.

Be careful with sensitive data: If you want to throw away any physical documents that contain personal information, make sure you discard them in a safe manner – by making them unrecoverable or by shredding them. A similar logic applies to your electronic devices: When selling or disposing of old smartphones, tablets or laptops, make sure you have wiped all the sensitive data they stored.

Don’t overshare: In an era where most users have multiple social media accounts, oversharing can be a serious problem. Even more so when the posts, photos or videos contain sensitive information that might be misused to impersonate you – such as your ID, purchase orders, flight tickets or any similar documents. Avoid posting any of these, as well as too many details about your personal life and history, which could be misused by the crooks to act in your name.

Credit monitoring and freezes: US users can ask for a credit freeze that will restrict access to their credit reports, making it more difficult for the identity thieves to misuse the stolen information. Another way to go is to select one of the credit monitoring services that watch for signs that someone is misusing your personal data. Users outside the US can check online whether there are similar services available in their region (UK users can read more here).